Many business enterprises typically maintain sensitive digital resources, e.g., computers, confidential information, data, applications, etc., in secure data centers. An internal network of a secure enterprise network is typically protected by at least one high security firewall. Access to the internal network, and to the sensitive resources coupled thereto, is typically restricted to authorized users and authorized client devices. Such authorized client devices are typically internal client devices, that is, they are directly coupled to the internal network inside the secure enterprise network. Physical access to the internal client devices is controlled by physical means, e.g., locked doors and security personnel, and electronic access to the internal client devices is controlled by security software that authenticates and/or authorizes any user attempting to access the internal network. External access to the internal client devices and to the internal network is controlled by the high security firewalls. In a lock-down environment, especially when aiming at classified data leakage prevention, direct external access is security sensitive and typically not allowed. The access from internal client devices to external devices is selectively open.
Many large modern business enterprises have sales offices, business centers, secure data centers, and/or manufacturing sites distributed throughout the country and/or worldwide. In addition, employees of such enterprises are often mobile and not necessarily associated with an office or building controlled by the enterprise. For example, sales and service personnel regularly travel to and from customer sites, and may work from their respective residences. Some of these workers require access to their internal client devices during their travels or while working from home.
In such instances, the worker might be granted access to a virtual private network (VPN), which uses tunneling technology to establish a secure tunnel from the worker's external client device to a VPN gateway, which is deployed at the edge of the secure enterprise and connected to the internal network. The deployment of such a VPN infrastructure is complicated, because the VPN tunnel must travel over a public network, such as the Internet, then traverse the enterprise intranet, and finally reach the internal client device of interest. In a protected intranet environment, the inbound VPN tunnel can be very intrusive, because it requires open holes in the firewalls that protect the internal client device of interest. Once a VPN infrastructure is deployed, with access to the VPN, the worker can gain remote access to the internal client device and send and receive TCP/IP network traffic. In effect, the worker's external client device becomes an internal client device with full access to the internal network and the sensitive resources connected thereto.
Because traditional tunnel-based VPN technology provides practically total network connectivity (i.e. TCP and IP) and access by remote users, serious security issues arise. For example, such unfettered access presents a potential risk of exposing proprietary information, weakening intrusion safeguards, or infecting the internal network with outside viruses. Of particular concern is the risk of “information leakage,” which refers to the extraction and misappropriation of confidential data from the internal client device. Moreover, because enforcing an application policy inside a VPN tunnel is difficult, the traffic traveling within a VPN tunnel is typically unmonitored. Thus, an authorized, but malicious, external client device can introduce harmful data to the internal network and/or extract and misappropriate sensitive data without being identified.
One approach to addressing this problem involves providing the end user with a view of a resource, e.g., an internal client device, thereby restricting the end user's ability to extract and insert data. For example, a presentation server developed by Citrix Systems, Inc., and based on a terminal services tool developed by Microsoft Corporation, allows an end user to use a client device to view, but not receive, resources within a secure enterprise network. The end user can use the client device to submit control commands against the resources via the presentation server, but is not allowed to transmit data or executables stored on the client device. The presentation server returns visual data, e.g., pixel data, which when displayed, shows the result of the control command. The end user's client device effectively becomes a “thin client” with respect to the resources in the enterprise network.
While this approach gives the end user access to the resources and protects the resources from misappropriation or corruption, it was designed with the requirement of physical network connectivity across Internet and intranet firewalls where typically a VPN tunnel, as described above, needs to be deployed. In other words, this approach is an internal network solution and generally available only for users who have direct access to the presentation server, which is typically within the secure enterprise network for security reasons. As stated above, most non-affiliated users and/or remote users will not have direct access to the internal network, let alone to the presentation server. In order to allow non-affiliated users or remote users to utilize this approach, the enterprise must implement additional security measures, which require complicated infrastructure work.
For example, in one known system, shown in FIG. 1, a secure enterprise 15 includes a portal client 17, a web server 18, and a presentation server 19 behind at least one enterprise firewall 16a, 16b, 16c in a perimeter network or DMZ. The portal client 17 can be a thin client that includes a web browser and an Independent Computing Architecture (ICA) client that allows the portal client 17 to communicate with the presentation server 19 via the web server 18. An internal client device 13 can access resources 54, e.g., applications and data, in the secure enterprise 15. External client devices 12, however, generally cannot access the portal client 17 over the Internet 11 because the portal client 17 is behind the enterprise's external firewalls 16a. To address this, the external client device 12 is required to establish a VPN tunnel 20 over the Internet 11 to traverse the external firewalls 16a in order to reach the portal client 17.
While this approach is functional, it is not suitable for security-sensitive enterprises for several reasons. First, this approach requires providing VPN access to the external client device 12, which is generally undesirable when the external client device 12 and its user are not affiliated with the enterprise. Moreover, such a VPN-based solution raises serious security concerns in many enterprise security practices because it requires opening ports in each firewall to allow tunnel access from inside the secure enterprise 15 to the outside. Moreover, such a VPN-based solution is relatively complicated to deploy because it requires configuring every external client device 12 and configuring or constraining the VPN gateway to limit the access for each external client device 12. This is not feasible for large enterprises, which may have thousands of employees, customers, and partners around the world.
Another disadvantage of current VPN based solutions is that the remote access to the internal client device 13 and secure resources 54 through the VPN gateway, portal client 17, and presentation server 19, typically is not monitored or recorded for auditing purposes. Such monitoring and recording is critical when non-affiliated users and/or external client devices are granted remote access to the internal client device 13 and secure resources 54. Without such monitoring and auditing capabilities, security sensitive enterprises cannot determine who accessed the network 15, which internal client devices 13 were accessed, at what time such access was granted, and/or what commands were executed. Thus, for this additional reason, the current VPN based solutions are unsuitable for security sensitive enterprises.
Another major limitation of the VPN-based approaches described above is that they apply to one-directional access only. That is, these approaches apply to one enterprise and one locked-down data center only. They do not allow “reverse access” or “mesh access” among a plurality of secure enterprises that are participating in joint business projects. For example, in a modern enterprise, an employee often requires access to resources inside his/her enterprise as well as to resources behind other entities, e.g., customers, vendors, and partners, that have business-level collaboration with the employee's enterprise. The VPN-based approaches do not offer “reverse access” or “mesh access” as an integrated solution because, if deployed for that purpose, those approaches would require very intrusive infrastructure re-working and provisioning, which is highly undesirable. As a result, the existing techniques do not address the needs of a modern global business environment.
Accordingly, there exists a need for methods, systems, and computer program products for providing terminal view access to internal client devices in secure enterprise networks in a collaborative environment. The methods, systems, and computer program products should allow distributed enterprises to control their individual access policies and user authentication, while enabling secure terminal view access to internal client devices as well as to devices hosted behind other enterprises. The methods, systems, and computer program products should provide monitoring and recording capabilities so that changes applied to the internal network and to the internal client devices can be recorded for auditing purposes.